Detection and Analysis of Persistent Forwarding Loops

You are probably here because you have seen a bunch of UDP packets from this IP address crossing your network. This short page explains why we are sending these packets and gives you enough information to filter them if you feel that it is necessary.

The experiment

There are a large number of persistent forwarding loops on the internet. We did this experiment back in 2019 and some of the loops we discovered back then are still there today!

We are conducting this study again now and plan to run it for some time to better understand these loops. For that, we are sending UDP packets across the internet from this IP address, in a window of approx. 10 hours each day, starting at 20:00 EST. When we receive an ICMP Time Exceeded packet back, we traceroute the path to see where the loop bounces packets back and forth until the TTL expires. And that's about it.

Filtering our packets

We sincerely hope you will let our packets pass. But if you have concerns about our experiment or about its possible implications, it is indeed simple to block them - but please don't if possible :)

You could simply block the sender IP address, the one of this server: 141.82.3.32. That would be the sledgehammer method though, as everything from this IP address would be blocked. A more targeted filter would also match the transport protocol, which is UDP, and the destination port, for which we use 12333. This filter will also make sure that the subsequent traceroute packets will never be sent.
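
Before deciding on a filter, the signature described above (source 141.82.3.32, UDP, destination port 12333, daily window from 20:00 EST) can be used to pick these packets out of flow or firewall logs. The following is an added example, not code from this study: the comma-separated log format and the sample records are constructed, and "EST" is assumed to mean a fixed UTC-5 offset.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

SCANNER_IP = "141.82.3.32"           # sender address given on this page
PROBE_PROTO = "udp"                  # transport protocol given on this page
PROBE_DPORT = 12333                  # destination port given on this page
EST = timezone(timedelta(hours=-5))  # assumption: EST taken as fixed UTC-5
WINDOW_START_HOUR = 20               # window starts at 20:00 EST
WINDOW_HOURS = 10                    # "approx. 10h", so treat the end as soft

# Constructed sample records: ISO-8601 time, src, dst, proto, dport.
SAMPLE_LOG = """\
2024-03-05T01:15:02+00:00,141.82.3.32,198.51.100.7,udp,12333
2024-03-05T06:40:10+00:00,141.82.3.32,198.51.100.9,udp,12333
2024-03-05T15:00:00+00:00,141.82.3.32,198.51.100.9,udp,12333
2024-03-05T06:41:00+00:00,141.82.3.32,198.51.100.9,icmp,0
2024-03-05T02:00:00+00:00,203.0.113.5,198.51.100.7,udp,12333
"""

def in_window(ts):
    """True if ts falls inside the daily window that starts at 20:00 EST."""
    local = ts.astimezone(EST)
    since_start = (local.hour - WINDOW_START_HOUR) % 24 + local.minute / 60
    return since_start < WINDOW_HOURS

def classify(line):
    """Label one log record against the probe signature described above."""
    ts, src, _dst, proto, dport = line.strip().split(",")
    if src != SCANNER_IP:
        return "unrelated"
    if proto.lower() == PROBE_PROTO and int(dport) == PROBE_DPORT:
        in_win = in_window(datetime.fromisoformat(ts))
        return "probe" if in_win else "probe_outside_window"
    # Same sender, different signature (for example a follow-up traceroute):
    # only the address-wide block matches this, the UDP/12333 filter does not.
    return "other_from_scanner"

def summarize(log_text):
    """Count records per label so the volume of each kind is visible."""
    return Counter(classify(l) for l in log_text.splitlines() if l.strip())

if __name__ == "__main__":
    for label, count in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{label}: {count}")
```

Records labelled `probe_outside_window` match the address, protocol and port but not the stated schedule, so they are worth a closer look before being attributed to this experiment.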

Further questions? Do not hesitate to contact us.